go tls自签证书服务端客户端验证

作者: 777SSL证书_便宜ssl证书申请_便宜ssl证书购买 | 日期: 2020-02-10 | 标签: ssl证书,申请ssl证书,免费ssl证书

客户端

        config := &tls.Config{
			Certificates:       []tls.Certificate{crt},
			RootCAs:          pool,
			InsecureSkipVerify: false,
        }

客户端tls配置,
Certificates 客户端证书
RootCAs 根证书验证,简单点自签验证只有1个根证书签发客户端证书和服务端证书

func main() {
        flag.Parse()
        buf, err := ioutil.ReadFile("ca.crt")
        if err != nil {
                return
        }
        pool := x509.NewCertPool()
        pool.AppendCertsFromPEM(buf)

        cert, err := tls.LoadX509KeyPair(crt, key)
        if err != nil {
                log.Fatalln(err)
        }

        config := &tls.Config{
			Certificates:       []tls.Certificate{crt},
			RootCAs:          pool,
			InsecureSkipVerify: false,
        }

        //注意这里要使用证书中包含的主机名称
        conn, err := tls.Dial("tcp", addr+":8888", config)
        if err != nil {
                log.Fatalln(err.Error())
        }

        defer conn.Close()
        log.Println("Client Connect To ", conn.RemoteAddr())
        status := conn.ConnectionState()
        fmt.Printf("%#v\n", status)
        buf = make([]byte, 1024)
        ticker := time.NewTicker(1 * time.Millisecond * 500)
        for {
                select {
                case <-ticker.C:
                        {
                                _, err = io.WriteString(conn, "hello")
                                if err != nil {
                                        log.Fatalln(err.Error())
                                }
                                len, err := conn.Read(buf)
                                if err != nil {
                                        fmt.Println(err.Error())
                                } else {
                                        fmt.Println("Receive From Server:", string(buf[:len]))
                                }
                        }
                }
        }

}

服务端

        tlsConfig := &tls.Config{
			Certificates:       []tls.Certificate{crt},
			ClientAuth:         tls.RequireAndVerifyClientCert,
			ClientCAs:          pool,
        }

服务端tls配置

func main() {
        flag.Parse()
        buf, err := ioutil.ReadFile("ca.crt")
        if err != nil {
                return
        }

        pool := x509.NewCertPool()
        pool.AppendCertsFromPEM(buf)

        crt, err := tls.LoadX509KeyPair(crt, key)
        if err != nil {
                log.Fatalln(err.Error())
        }

        tlsConfig := &tls.Config{
                Certificates:       []tls.Certificate{crt},
                ClientAuth:         tls.RequireAndVerifyClientCert,
                ClientCAs:          pool,
        }

        tlsConfig.Time = time.Now

        tlsConfig.Rand = rand.Reader
        l, err := tls.Listen("tcp", ":8888", tlsConfig)
        if err != nil {
                log.Fatalln(err.Error())
        }
        for {
                conn, err := l.Accept()
                if err != nil {
                        fmt.Println(err.Error())
                        continue
                } else {
                        go HandleClientConnect(conn)
                }
        }
}
  •